As mobile devices become more common, individuals and organizations are becoming increasingly vulnerable to security threats that target those devices. For example, users of ANDROID and APPLE smart phones often download new applications from online distribution platforms, such as the GOOGLE PLAY STORE and APPLE APP STORE. Attackers may attempt to compromise the security of various mobile devices by uploading malicious applications to these online distribution platforms. For example, attackers may obtain an application that is popular and non-malicious. The attackers may then modify the application to insert malicious code or otherwise create a security threat for the end-user. Accordingly, security vendors are seeking systems and methods to better identify and prevent the security threats.
For ease of distribution, mobile device applications may be packaged within an aggregated package file. The aggregated package file may group various files for the application together while also compressing the size of those files. To upload a modified and malicious version of an application, attackers may first repackage the files that are associated with that malicious version of the application. Nevertheless, security vendors may not always be able to conveniently determine whether an application has been repackaged. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for identifying repackaged files.